Yuri wrote:
Hi! I've read your message (2002-09-02) about "Samba, PAM, Authentication off an NT Domain". I'm CC'ing this to the list, for posterity.
I've just found this solution and it works. Now I'm installing
woody (dual boot) on all the PCs of my university! :)
Download the samba2.2.6 source and compile it. It's easy; read the README.
/etc/samba/smb.conf:
[global]
workgroup = YOURDOMAIN
server string = Samba Server %v
security = domain
encrypt passwords = Yes
password server = *
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
character set = ISO8859-15
os level = 18
local master = No
dns proxy = No
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = yes
/etc/pam.d/login:
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
account sufficient pam_winbind.so
account sufficient pam_unix.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
/etc/pam.d/xlock:
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
account sufficient pam_winbind.so
account sufficient pam_unix.so
/etc/nsswitch.conf:
passwd: files winbind nisplus nis
shadow: files nisplus nis
group: files winbind nisplus nis
hosts: files wins nisplus nis dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
hosts: files dns
Restart samba and winbind...
and join the domain:
smbpasswd -j <DOMAIN> -r <DOMAIN_CONTROLLER> -U <DOMAIN_ADMIN>
That's all! Bye!
Yuri:
I _very_ much appreciate your response. However, I still have no joy. (Of course, I haven't followed your instructions exactly, so that could be my problem.)
Rather than downloading/compiling samba2.2.6, I just did an "apt-get install samba" from unstable. I now have at least samba, samba-common, and samba-client on the box (some from earlier attempts at this). "smbd -V" reports this version to be "2.999+3.0.alpha20-4 for Debian". Since the 3.0 is pretty much a rewrite, perhaps something has broken between here and there.
Here's the global section of my /etc/samba/smb.conf:
[global]
workgroup = ACU
server string = %h server (Samba %v)
security = domain
encrypt passwords = true
password server = *
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 18
local master = No
dns proxy = no
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/bash
winbind separator = +
template homedir = /home/%D/%U
winbind use default domain = yes
and my /etc/pam.d/login:
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
account sufficient pam_winbind.so
account sufficient pam_unix.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
and my /etc/pam.d/xlock:
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
account sufficient pam_winbind.so
account sufficient pam_unix.so
and my /etc/nsswitch.conf:
passwd: files winbind
group: files winbind
shadow: files winbind
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
I restarted /etc/init.d/samba and /etc/init.d/winbind, and then the "smbpasswd" command as you gave produced an error to use a different command. So I did "net rpc join -U <DOMAIN_ADMIN>", which produced this:
[2002/12/09 21:56:24, 1] rpc_client/cli_netlogon.c:cli_nt_setup_creds(303)
cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2002/12/09 21:56:24, 1] libsmb/trust_passwd.c:just_change_the_password(44)
just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2002/12/09 21:56:24, 1] utils/net_rpc.c:run_rpc_command(156)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password: (I put in my domain password here)
Joined domain ACU.
The "getent passwd" and "getent group" commands show me username and group names in the ACU domain. However, when I switch over to a second virtual terminal and try to log in, I get "Login incorrect". I've tried logging in as "ACU+snert" (snert is a legitimate user on the ACU domain), as "snert", and as "westk" (westk is a local account on the box, and it now fails also, so I better not have a power outage between now and when I get this fixed - doh!).
Anyone know where my problem might lie?
Thanks!
Kent
ACU+westk
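
Added example, not part of either message: a simplified Python model of how Linux-PAM walks the keyword control flags, applied to the /etc/pam.d/login stack posted in the reply above. The per-module success/failure outcomes are constructed inputs; bracketed controls, include lines and the fallback to the "other" service are not modelled.

```python
from itertools import product

# /etc/pam.d/login as posted in the reply above.
LOGIN_STACK = """\
auth sufficient pam_winbind.so
auth sufficient pam_unix.so use_first_pass
account sufficient pam_winbind.so
account sufficient pam_unix.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
"""

def parse(text):
    """Return {type: [(control, module_basename), ...]} from pam.d-style lines."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        mtype, control, module = line.split()[:3]
        stacks.setdefault(mtype, []).append((control, module.rsplit("/", 1)[-1]))
    return stacks

def evaluate(stack, outcomes):
    """outcomes maps module name -> True (module succeeds) or False (fails)."""
    failed = False      # a 'required' module has failed
    succeeded = False   # some module has reported success
    for control, module in stack:
        ok = outcomes[module]
        if control == "requisite" and not ok:
            return False                  # fail immediately
        if control == "required" and not ok:
            failed = True                 # fail, but keep running the stack
        elif control == "sufficient" and ok and not failed:
            return True                   # succeed immediately
        elif ok:
            succeeded = True              # failures of sufficient/optional are ignored
    # No module reported success => denied (this model fails closed).
    return succeeded and not failed

def auth_matrix(stacks):
    """Evaluate the auth stack for every success/failure combination."""
    mods = [m for _, m in stacks["auth"]]
    return {combo: evaluate(stacks["auth"], dict(zip(mods, combo)))
            for combo in product([True, False], repeat=len(mods))}

if __name__ == "__main__":
    for combo, result in auth_matrix(parse(LOGIN_STACK)).items():
        print(combo, "->", "granted" if result else "denied")
```

In this model a login is denied only when both pam_winbind.so and pam_unix.so fail in the auth stack, so a "Login incorrect" for both domain and local accounts means neither module reported success for that attempt.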